<?php
// Generating $content for admin / news.php

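$db = new dbquery;

// Admin news list. Without cmd every news row is listed; with cmd=suggest the list is
// restricted to rows with visible=0. The rendered HTML is accumulated in $content.
if(!$_GET['cmd'] or $_GET['cmd']=='suggest') {
	// The list is shown to anyone who may edit or delete news.
	if(!perms_check('news', 'edit') and !perms_check('news', 'del')) {
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	// rec is the paging offset and ends up in the LIMIT clause.
	SQLvalidate($_GET['rec']);
	if(!$_GET['rec'])
		$_GET['rec']=0;
	// Whatever SQLvalidate() does (its body is not in this file), only a non-negative
	// integer is interpolated into LIMIT and handed to the pager.
	$offset = is_scalar($_GET['rec']) ? max(0, (int)$_GET['rec']) : 0;
	$_GET['rec'] = $offset;

	// cat is concatenated into the IN (...) list below and was never validated,
	// so it is reduced to an integer before use (0 means "no category filter").
	$_GET['cat'] = (isset($_GET['cat']) && is_scalar($_GET['cat'])) ? (int)$_GET['cat'] : 0;

	$fields=array('id', 'title', 'text', 'cat', 'author', 'date');

	// Sort column and direction are whitelisted because both are interpolated into ORDER BY.
	if(!isset($_GET['sort']) || !in_array($_GET['sort'], array('ASC', 'DESC'), true))
		$_GET['sort']='DESC';
	if(!isset($_GET['sortby']) || !in_array($_GET['sortby'], $fields, true))
		$_GET['sortby']='id';
	$sortnext = ($_GET['sort']=='ASC') ? 'DESC' : 'ASC';

	// Keep the plain field name for the paging links: the language suffix appended below
	// is not in $fields, so a suffixed name would be reset to 'id' on the next request.
	$sortby_link = $_GET['sortby'];

	// title and text are stored per language as title_<lang> / text_<lang>.
	// NOTE(review): lang_short comes from the session and becomes part of column names
	// here and in the search clause - confirm it is only ever set from the configured
	// language list.
	if($_GET['sortby'] == 'title' or $_GET['sortby'] == 'text')
		$_GET['sortby'] .= "_$_SESSION[lang_short]";

	// WHERE terms are collected here and joined with AND.
	$conds = array();

	// search (a GET value, as produced by the paging links, overrides the POSTed one)
	if($_GET['search'])
		$_POST['search']=$_GET['search'];
	// Original author's note: stripping slashes is acceptable here because ' has already
	// been replaced by &#39;.
	// NOTE(review): $src is interpolated into the LIKE pattern with no SQL escaping in
	// this file, so the query depends entirely on what read_text_rest() returns - confirm
	// it neutralises quotes and backslashes, or escape through the database layer.
	$_POST['search']=read_text_rest($_POST['search']);
	if($_POST['search']){
		// '*' in the search box acts as the SQL wildcard.
		$src=str_replace('*', '%', $_POST['search']);
		// Parenthesised: AND binds tighter than OR, so without the parentheses a title
		// match would skip the visible/cat terms added below.
		$conds[]="(title_$_SESSION[lang_short] LIKE '%$src%' OR text_$_SESSION[lang_short] LIKE '%$src%')";
	}

	// suggest: only rows with visible=0
	if($_GET['cmd']=='suggest')
		$conds[]='visible=0';

	// category (and its subcategories)
	if($_GET['cat']) {
		$subs = get_subcategories($_GET['cat']);
		if(!is_array($subs))
			$subs = array();
		// Merging before implode() keeps the list valid when there are no subcategories;
		// intval() keeps every element numeric since the list is not quoted.
		$cat_ids = array_map('intval', array_merge($subs, array($_GET['cat'])));
		$conds[]='cat IN ('.implode(', ', $cat_ids).')';
	}

	$sql = $conds ? ' WHERE '.implode(' AND ', $conds) : '';

	$content = string_template(read_file('admin/themes/news_header.php'), array("sortnext" => $sortnext));

	// Fresh query handle for the two list queries, as in the original.
	$db = new dbquery;

	// First query: total number of matching rows, used by the pager.
	$db->query("SELECT * FROM $conf[prefix]news$sql") or $db->err(__FILE__, __LINE__);
	$q=$db->num_rows();

	// Second query: the rows of the current page.
	$db->query("SELECT * FROM $conf[prefix]news$sql ORDER by $_GET[sortby] $_GET[sort] LIMIT $offset, $conf[admin_per_page]") or $db->err(__FILE__, __LINE__);

	$ttl = "title_$_SESSION[lang_short]";
	$txt = "text_$_SESSION[lang_short]";

	// Started explicitly so the row counter does not depend on a leftover global $i.
	$i = 0;
	while($d=$db->fetch_object()) {
		// $i alternates 1, 2, 1, 2, ... and is passed to the row template.
		$i++;
		if($i>2)
			$i=1;

		$text=read_text_rest($d->$txt);
		$title=read_text_rest($d->$ttl);

		$d->source_url=read_text_rest($d->source_url);
		$d->source=read_text_rest($d->source);

		// NOTE(review): the values below reach the template as returned by
		// read_text_rest(); confirm that helper HTML-encodes stored content.
		$content .= string_template(read_file('admin/themes/news_item.php'), array(
			"id" => $d->id,
			"cat" => get_cat_name_by_id($d->cat),
			'cat_id' => $d->cat,
			"date" => date($conf['date_format'], strtotime($d->date)),
			"title" => add_dots($title, 30),
			"text" => add_dots($text, 30),
			"source_url" => $d->source_url,
			"source" => $d->source,
			"i" => $i,
		));
	}

	// The search term is user input placed inside an href attribute, so it is escaped here
	// and the markup does not depend on what read_text_rest() leaves in the string.
	// double_encode is off so entities that are already present are not encoded twice; the
	// single-byte charset makes the call touch only the ASCII metacharacters, whatever the
	// page encoding is. URL-encoding is deliberately not added: the encoding of
	// read_text_rest()'s output is not visible here.
	$search_attr = htmlspecialchars((string)$_POST['search'], ENT_QUOTES, 'ISO-8859-1', false);
	// In this branch cmd is either empty or 'suggest'; emit only those two values.
	$cmd_link = ($_GET['cmd']=='suggest') ? 'suggest' : '';

	$page_link=split_to_pages('<a href="index.php?module=admin&action=news&amp;sortby='.$sortby_link.'&amp;sort='.$_GET['sort'].'&amp;search='.$search_attr.'&amp;cmd='.$cmd_link.'&amp;rec={rec}">{nr}</A>', $conf['admin_per_page'], $q, $offset);

	$content .= string_template(read_file('admin/themes/news_footer.php'), array('page_link'=>$page_link));
}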
elseif($_GET['cmd']=='edit') {
	// Edit form for one existing news item, pre-filled from its database row.
	// NOTE(review): id is interpolated unquoted into the SELECT below and the only guard
	// visible in this file is SQLvalidate() - confirm it restricts the value to digits.
	SQLvalidate($_GET['id']);

	if(!perms_check('news', 'edit')) {
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	$db->query('SELECT * FROM '.$conf['prefix'].'news WHERE id='.$_GET['id']) or $db->err(__FILE__, __LINE__);

	// Check that the news item exists; otherwise go back to the list.
	if($db->num_rows()==0) {
		redirect('index.php?module=admin&action=news');
		exit;
	}

	$d=$db->fetch_object();
	$d->source_url=read_text_rest($d->source_url);
	$d->source=read_text_rest($d->source);

	// Author <option> list with the stored author preselected.
	$select_author=get_redactor_options($d->author);

	// State of the "visible" checkbox.
	$visible = ($d->visible == 1) ? 'checked' : '';

	// list_categories() fills $ct with the category options, current category selected.
	$ct = NULL;
	list_categories(0, 0, $d->cat, 1, $ct, NULL);

	// Language-independent placeholders of the form template.
	$array = array(
		'theme_path' => $GLOBALS['theme_path'],
		'function' => 'news_edit',
		'id' => $d->id,
		'date' => $d->date,
		'ldate' => date($conf['date_format'], strtotime($d->date)),
		'select_author' => $select_author,
		'source' => $d->source,
		'source_url' => $d->source_url,
		'cat' => $d->cat,
		'categories' => $ct,
		'checked' => $visible,
	);

	$multi = NULL;

	$langs = get_lang_list();

	// One title/text section per language; only the session language starts expanded.
	$i = 0;
	foreach($langs as $key => $l) {
		$i++;
		if($l!=$_SESSION['lang_short']) {
			$icon = 'expand';
			$style = 'none';
		}
		else {
			$icon = 'collapse';
			$style = 'block';
		}

		$multi .= string_template(read_file('admin/themes/news_form_multi.php'), array(
			'lang' => $l,
			'language' => strtoupper($l),
			'icon' => $GLOBALS['theme_path'].$GLOBALS['theme_img'][$icon],
			'style' => $style,
			'i' => $i,
		));

		// Stored title and text for this language go into the placeholder set.
		$t = "title_$l";
		$array[$t] = read_text_rest($d->$t);
		$t = "text_$l";
		$array[$t] = read_text_edit($d->$t);
	}

	// First pass inserts the per-language sections, second pass fills the placeholders.
	$content = string_template(read_file('admin/themes/news_form.php'), array('multi' => $multi));
	$content = string_template($content, $array);
}
elseif($_GET['cmd']=='add') {
	// Empty form for creating a news item; requires the write permission.
	if(!perms_check('news', 'write')) {
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	// Author <option> list with the logged-in user preselected.
	$select_author=get_redactor_options($_SESSION['id']);

	// list_categories() fills $ct with the category options.
	$ct = NULL;
	list_categories(0, 0, 'select', 1, $ct, NULL);

	// Defaults for a new item: current time, empty source, visible checkbox ticked.
	$array = array(
		'theme_path' => $GLOBALS['theme_path'],
		'function' => 'news_add',
		'date' => date('Y-m-d H:i:s'),
		'ldate' => date($conf['date_format'], strtotime(date('Y-m-d H:i:s'))),
		'select_author' => $select_author,
		'image' => '',
		'source_url' => 'http://',
		'source' => '',
		'cat' => 0,
		'categories' => $ct,
		'checked' => 'CHECKED',
	);

	$multi = NULL;

	$langs = get_lang_list();
	$languages = get_languages_list();

	// One title/text section per language; only the session language starts expanded.
	$i = 0;

	foreach($langs as $key => $l) {
		$i++;
		if($l!=$_SESSION['lang_short']) {
			$icon = 'expand';
			$style = 'none';
		}
		else {
			$icon = 'collapse';
			$style = 'block';
		}

		$multi .= string_template(read_file('admin/themes/news_form_multi.php'), array(
			'lang' => $l,
			'language' => strtoupper($l),
			'icon' => $GLOBALS['theme_path'].$GLOBALS['theme_img'][$icon],
			'style' => $style,
			'i' => $i,
		));

		// A new item starts with empty title and text in every language.
		$t = "title_$l";
		$array[$t] = '';
		$t = "text_$l";
		$array[$t] = '';
	}

	// First pass inserts the per-language sections, second pass fills the placeholders.
	$content = string_template(read_file('admin/themes/news_form.php'), array('multi' => $multi));
	$content = string_template($content, $array);
}
elseif($_GET['cmd']=='really_delete') {
	// Confirmation page shown before a single news item is deleted.
	// NOTE(review): id is used unquoted in the SELECT and inside the onClick URL below;
	// the only guard visible in this file is SQLvalidate() - confirm it restricts the
	// value to digits.
	SQLvalidate($_GET['id']);
	if(!perms_check('news', 'del')) {
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	$db->query('SELECT * FROM '.$conf['prefix'].'news WHERE id='.$_GET['id']) or $db->err(__FILE__, __LINE__);

	// Check that the news item exists; otherwise go back to the list.
	if($db->num_rows()==0) {
		redirect('index.php?module=admin&action=news');
		exit;
	}

	$d=$db->fetch_array();

	// Title in the session language, shown in the confirmation text.
	$what=read_text_rest($d['title_'.$_SESSION['lang_short']]);

	// NOTE(review): "yes" navigates to a plain GET URL that carries only the id; no
	// anti-CSRF token is visible here - confirm news_delete verifies one.
	$yes='<input type="button" onClick="javascript:location.href=\'index.php?module=news&function=news_delete&amp;id='
		.$_GET['id']
		.'\'" value="'
		.$lang['yes']
		.'" class="button">';
	$no='<input type="button" onClick="javascript:history.go(-1);" value="'
		.$lang['no']
		.'" class="button">';

	$content=string_template($lang['admin_really_delete'], array(
		'what' => $what,
		'yes' => $yes,
		'no' => $no,
	));
}
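elseif($_GET['cmd']=='really_multi') {
	// Confirmation page for a bulk action: the selected ids are carried as hidden ids[]
	// fields and posted to function=news_multi_<what>.
	// NOTE(review): unlike the other branches of this script there is no perms_check()
	// call here. This page only renders a confirmation form, so the news_multi_* handler
	// has to enforce the permission itself - confirm.
	SQLvalidate($_GET['id']);
	// A single id passed in the URL is treated as a one-element selection.
	if($_GET['id'])
		$_POST['ids']=array($_GET['id']);

	if(!is_array($_POST['ids'])) {
		redirect($_SESSION['redirect_2']);
		exit;
	}

	// The ids come straight from the request, so each one is HTML-escaped before it is
	// written into a value attribute. The single-byte charset makes htmlspecialchars()
	// touch only the ASCII metacharacters, whatever the page encoding is.
	$ids_='';
	foreach($_POST['ids'] as $id_) {
		// Nested arrays cannot be ids; skip them instead of printing "Array".
		if(!is_scalar($id_))
			continue;
		$ids_.='<input type="hidden" value="'.htmlspecialchars((string)$id_, ENT_QUOTES, 'ISO-8859-1').'" name="ids[]" />';
	}

	// Initialised so the concatenation below never reads an undefined variable.
	$url_='';
	// NOTE(review): url is reflected into the form and presumably consumed by the
	// handler afterwards - confirm the handler restricts it to local targets.
	if($_GET['url'])
		$url_='<input type="hidden" value="'.htmlspecialchars(urldecode((string)$_GET['url']), ENT_QUOTES, 'ISO-8859-1').'" name="url" />';

	// what becomes part of the function= query parameter; URL-encoding leaves plain
	// identifiers unchanged and keeps any other character from ending the action attribute.
	$what_ = (isset($_GET['what']) && is_string($_GET['what'])) ? urlencode($_GET['what']) : '';

	// The <form> opened in $yes is closed at the end of $no.
	$yes='<form action="index.php?module=news&amp;function=news_multi_'.$what_.'" method="post">'.$ids_.$url_.'<input type="submit" value="'.$lang['yes'].'" class="button" />';
	$no='<input type="button" onClick="javascript:history.go(-1);" value="'.$lang['no'].'" class="button"> </form>';

	$content=string_template($lang['admin_really'], array('yes'=>$yes, 'no'=>$no));
}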

// Wrap the $content built above in the shared page layout (middle.php).
$content = string_template(
	read_file('middle.php'),
	array(
		'theme_path' => $GLOBALS['theme_path'],
		'content' => $content,
		'description' => $lang['admin_news'],
	)
);
//
?>
